System-Defined Roles and Associated Permissions

This topic contains information about the system-defined roles in the Lazsa Platform and the specific permissions associated with the various platform components per role. Understanding these roles and the associated permissions helps you assign roles effectively. You may want to customize a system-defined role as per your requirements.

Contents

 

Permissions Associated with System-Defined Roles

This section contains permissions assigned to the system-defined platform roles and system-defined product roles. Review the permissions before you assign system-defined roles to users. If the access control and permissions offered by system-defined roles do not meet your specific requirements, you can create custom roles.


System-Defined Platform Roles

A Configuration Administrator can manage various settings and configurations across the platform, including user details, roles, teams, organization hierarchy, cloud platforms, tools configurations, and more.

Component Permissions Mapped to the Component
Users

  • Create

  • View

  • Edit

  • Delete
Roles

  • Create

  • View

  • Edit

  • Delete
Organization Hierarchy

  • Add

  • View

  • Edit

  • Delete
Teams

  • Create

  • View

  • Edit

  • Delete
OpenShift Configuration

  • Configure

  • View

  • Edit

  • Delete

 
Dropdown Field Settings

  • Add

  • View

  • Edit
Scheduler Settings

  • Add

  • View

  • Edit
Workflow Usage

  • Add

  • View

  • Edit
Lazsa Orchestrator Agents

  • Add

  • View

  • Edit

  • Delete
Secret Management

  • Configure

  • View

  • Edit

  • Delete
Maturity Assessment

  • Manage

  • View
Cloud Tag Settings

  • Manage

  • View
Machine Configuration Settings

  • Manage

  • View
Security Settings

  • Manage

  • View
Themes Settings

  • Manage

  • View
Audit Log Settings

  • Manage

  • View
Terminology Settings

  • Manage

  • View
Custom Field Settings

  • Manage

  • View
Agile Project Settings

  • Manage

  • View
Configuration   View
Security & SSO

  • Manage

  • View
Cloud Platforms

  • Create

  • View

  • Edit

  • Delete
Audit Logs   View
Account Info

  • Manage

  • View
Data Crawler

  • Create and Run

  • View

  • Rerun

  • Delete
Data Catalog

  • Create

  • View

  • Import

  • Delete
Policy Template

  • Manage

  • View
Branch Template

  • Manage

  • View
Workflow Template

  • Manage

  • View
Technologies and Testing Tools

  • Select

  • View
Kubernetes Cluster Configuration

  • Configure

  • View

  • Edit

  • Delete
Terraform Configuration

  • Configure

  • View

  • Edit

  • Delete
Agile Planning Tools

  • Configure

  • View

  • Edit

  • Delete
Document Management Tools

  • Configure

  • View

  • Edit

  • Delete
Databases and Data Warehouses

  • Configure

  • View

  • Edit

  • Delete
Data Integration Tools

  • Configure

  • View

  • Edit

  • Delete
Data Visualization Tools

  • Configure

  • View

  • Edit

  • Delete
Systems Integration

  • Configure

  • View

  • Edit

  • Delete
Artifactory Management

  • Configure

  • View

  • Edit

  • Delete
Security Assessment

  • Configure

  • View

  • Edit

  • Delete
Source Code Repository

  • Configure

  • View

  • Edit

  • Delete
DevOps CI/CD Pipeline Configuration

  • Configure

  • View

  • Edit

  • Delete

A Configuration Viewer has view-only access to various settings and configurations across the platform, including user details, roles, teams, organization hierarchy, cloud platforms, tools configurations, and more.

Component Permissions Mapped to the Component
Users View
Roles View
Organization Hierarchy View
Teams View
OpenShift Configuration View
Dropdown Field Settings View
Scheduler Settings View
Workflow Usage View
Lazsa Orchestrator Agents View
Secret Management View
Maturity Assessment View
Cloud Tag Settings View
Machine Configuration Settings View
Security Settings View
Themes Settings View
Audit Log Settings View
Terminology Settings View
Custom Field Settings View
Agile Project Settings View
Configuration View
Security & SSO View
Cloud Platforms View
Audit Logs View
Account Info View
Data Crawler View
Data Catalog View
Policy Template View
Branch Template View
Workflow Template View
Technologies and Testing Tools View
Kubernetes Cluster Configuration View
Terraform Configuration View
Agile Planning Tools View
Document Management Tools View
Databases and Data Warehouses View
Data Integration Tools View
Data Visualization Tools View
Systems Integration View
Artifactory Management View
Security Assessment View
Source Code Repository View
DevOps CI/CD Pipeline Configuration View

An Executive can view portfolios, products, dashboards, release trains, and organization maturity assessments.

Component Permissions Mapped to the Component
Dashboard

  • Dashboard Admin

  • View Dashboard
Portfolios View Product Portfolios
Products View Products
Release Trains View Release Trains
Maturity Assessment View Organization Maturity Assessment

A Portfolio Owner can view dashboards, release trains, and resource planning details. They can manage portfolios and products and can view and initiate organization maturity assessment.

Component Permissions Mapped to the Component
Dashboard

  • View Dashboard
Portfolios

  • Create Product Portfolios

  • View Product Portfolios

  • Delete Product Portfolios
Products

  • Create/Edit/Delete Products

  • View Products
Release Trains View Release Trains
Maturity Assessment

  • Initiate Organization Maturity Assessment

  • View Organization Maturity Assessment
Resource Planning View Resource Planning

A Release Train Engineer can view and create release trains within the platform and has view-only access to portfolios, products, and dashboards.

Component Permissions Mapped to the Component
Dashboard

View

Portfolios

View

Products

View

Release Trains

  • Create

  • View

A Resource Manager can manage users and teams and has view-only access to portfolios, products, roles, resource details, and dashboards. They can manage financial attributes of users.

Component Permissions Mapped to the Component
Users

  • Create

  • View

  • Edit

  • Delete
Roles View
Teams

  • Create

  • View

  • Edit

  • Delete
Dashboard View
Portfolios View
Products View
Configuration View
Resource Planning View

A Tenant Administrator is the highest-level administrator with access to all the areas of the platform and is responsible for platform-wide configurations, settings, access management, and monitoring of all platform operations.

Component Permissions Mapped to the Component
Tenant Root Tenant Access

This role is assigned by default to all users who are onboarded to the Lazsa Platform. A User has view-only access to portfolios, products, release trains, organization maturity assessments, dashboards, and monitoring intelligence.

Component Permissions Mapped to the Component
Dashboard View
Portfolios View
Products View
Release Trains View
Maturity Assessment View Organization Maturity Assessment
Monitoring Dashboard View


System-Defined Product Roles

A Developer can manage design artifacts, business requirements, user stories, user feedback, technologies, development stages, and branch templates. They can configure cloud instances and clusters, and can manage Terraform runs, Jenkins job runs, and secrets throughout the product development cycle.

Component Permissions Mapped to the Component
Define

  • Add/Edit User Feedback

  • Delete User Feedback

  • Convert User Feedback to Business Requirement

  • Add/Edit Business Requirement

  • Delete Business Requirement

  • Manage User stories
Design

  • Add

  • Edit

  • Delete
Data Pipeline Studio

  • View Data Pipeline
Data Crawler

  • Create and Run Data Crawler

  • View Data Crawler

  • Rerun Data Crawler
Data Catalog

  • Import Data Catalog

  • Create Data Catalog

  • View Data Catalog
Develop Pipeline

  • Create/Edit Pipeline

  • Import Pipeline

  • Export Pipeline

  • Manage Pipeline Run Timeout

  • Manage Pipeline Version
Manage Pipeline

  • Schedule Pipeline

  • Run/Terminate Pipeline
DataOps View DataOps
Product View product
Develop

  • Manage Branch Template

  • Add Technologies

  • Delete Technologies
Deploy

  • Add/Edit Stage

  • Delete Stage

  • Add/Edit Technology

  • Deploy Technology

  • Uninstall Technology

  • Configure Instance

  • Configure Cluster

  • Manage Terraform Runs

  • Manage Jenkins Job Runs

  • Manage Secrets

Consider the following points related to this role

  • When you create or edit a product in the Lazsa Platform, in the product details, you can select one or more product owners.

  • The creator of the product is the default product owner. You can add more owners from the list of available users or remove any existing owners. Product creator cannot remove themselves from the list of owners.

  • Each product must have at least one owner.

  • After you choose product owners, the Product Owner role is assigned to them with all the permissions listed in this section.

  • You cannot assign this role explicitly to your product team members on the Teams tab of your product.

  • You cannot edit this role and cannot provide any tools' access to this role.

  • If you do not assign any other role to a product owner, the owner is not listed as a team member on the Teams tab of the product. However, you can add a product owner as a team member and assign them a product role from the list. In this case, the details of the product owner are displayed with the tag among the other product team members.

 

A Product Owner can manage design artifacts, business requirements, user stories, user feedback, technologies, development stages, and branch templates. They can configure cloud instances and clusters, and can manage Terraform runs, Jenkins job runs, and secrets throughout the product development cycle. They can edit and delete a product and can initiate maturity assessment at the product and team level.

Component Permissions Mapped to the Component
Define

  • Add/Edit User Feedback

  • Delete User Feedback

  • Convert User Feedback to Business Requirement

  • Add/Edit Business Requirement

  • Delete Business Requirement

  • Manage User stories
Design

  • Add

  • Edit

  • Delete
Data Pipeline Studio

  • View Data Pipeline
Data Crawler

  • Create and Run Data Crawler

  • View Data Crawler

  • Rerun Data Crawler

  • Delete Data Crawler
Data Catalog

  • Import Data Catalog

  • Create Data Catalog

  • View Data Catalog

  • Delete Data Catalog
Develop Pipeline

  • Create/Edit Pipeline

  • Import Pipeline

  • Export Pipeline

  • Manage Pipeline Run Timeout

  • Manage Pipeline Version

  • Delete Pipeline
Manage Pipeline

  • Schedule Pipeline

  • Promote Pipeline

  • Manage Wheel Package

  • Manage Pipeline Chaining

  • Manage Pipeline Notification

  • Run/Terminate Pipeline
DataOps View DataOps
Product

  • View Product

  • Edit Product

  • Delete Product

  • Initiate Team Maturity Assessment

  • Initiate Product Maturity Assessment
Develop

  • Manage Branch Access

  • Manage Branch Template

  • Add Technologies

  • Delete Technologies
Deploy

  • Add/Edit Stage

  • Delete Stage

  • Add/Edit Technology

  • Deploy Technology

  • Uninstall Technology

  • Configure Instance

  • Configure Cluster

  • Manage Terraform Runs

  • Manage Jenkins Job Runs

  • Manage Secrets

A Product Release Manager can manage business requirements, user stories, and user feedback and can edit product details.

Component Permissions Mapped to the Component
Define

  • Add/Edit User Feedback

  • Delete User Feedback

  • Convert User Feedback to Business Requirement

  • Add/Edit Business Requirement

  • Delete Business Requirement

  • Manage User stories
Product

  • View

  • Edit

A Product Viewer is a member or team member within a private product with view-only access to product details.

Component Permissions Mapped to the Component
Product

View

 

A Scrum Master can manage business requirements, user stories, and user feedback. They can edit product details and can initiate team maturity assessment.

Component Permissions Mapped to the Component
Define

  • Add/Edit User Feedback

  • Delete User Feedback

  • Convert User Feedback to Business Requirement

  • Add/Edit Business Requirement

  • Delete Business Requirement

  • Manage User stories
Product

  • View

  • Edit

 

Managing System-Defined Roles in Lazsa

System-defined roles provide predefined access controls for both platform-wide and product-specific functionalities. These roles allow administrators to efficiently manage user access and tool permissions without needing to create custom roles from scratch. Managing system-defined roles involves two key tasks: assigning users to platform roles and configuring tools' access for product roles. This ensures that users have the appropriate permissions to perform their responsibilities effectively.

Manage Users for System-Defined Platform Roles

You can manage user assignments for system-defined platform roles. Do the following:

  1. Go to Roles
    Go to Configuration > Platform Setup > Users, Roles, Teams & Organization Hierarchy > Roles.

  2. Click Manage Users
    On the Roles tab, locate your desired system-defined platform role, click the ellipsis (...) on the right and click Manage Users.

    Manage users for system-defined platform role

  3. Add or Remove Users
    Add or remove users and save the changes.

    Manage users for system-defined platform role

Assign Tools Permissions to System-Defined Product Roles

If you plan to use system-defined roles and expect users in these roles to have access to specific tools within a product, ensure you modify the roles accordingly and assign the necessary tool permissions to the role. This ensures that users are granted only the necessary level of access to the tools required for their specific role. It provides a granular control over who can access each tool and what actions they can perform within the Lazsa Platform. This reduces the risk of unintended access.

Do the following:

  1. Go to Roles
    Go to Configuration > Platform Setup > Users, Roles, Teams & Organization Hierarchy > Roles.

  2. Locate the Role to Customize
    On the Roles tab, locate the system-defined product role you wish to customize.

    Note:

    You cannot edit the Product Owner role.

    For example, let us assign the access privileges for Jira and Bitbucket Server to the system-defined Developer role. Click the ellipsis (...) on the right and click Edit.

    Editing the system-defined Developer role

  3. Manage Tools' Access and Permissions for the Role
    You cannot change the basic details or permissions for a system-defined role. Go to the Tools tab. Here you can decide which tools the role can access, and the actions the role can perform on each tool. For example, assign the required permissions for Jira and Bitbucket Server.

    Access permissions assigned to sysmte-defined Developer role

  4. Review Role Definition
    Click Next, review the role definition and click Done.

    Review role definition

  5. Assign Role to Users within a Product Team
    Add a user to a product in the Lazsa Platform and assign the edited Developer role to the user.

    The user inherits the access permissions specified in the role. In this example, Alex can access Jira and Bitbucket Server from the Lazsa Platform.

 

Related Topics Link IconRecommended Topics

What' next? Creating Custom Roles